Bug 478327 - radvd needs an SELinux rule
Summary: radvd needs an SELinux rule
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 9
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-12-28 08:04 UTC by Allen Kistler
Modified: 2009-01-15 15:43 UTC (History)
3 users (show)

Fixed In Version: selinux-policy-3.3.1-117.fc9.noarch
Clone Of:
Environment:
Last Closed: 2009-01-15 15:43:11 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Allen Kistler 2008-12-28 08:04:23 UTC
Description of problem:
AVC denials appear in audit.log when radvd starts.

Version-Release number of selected component (if applicable):
selinux-policy-3.3.1-116.fc9.noarch
selinux-policy-targeted-3.3.1-116.fc9.noarch

How reproducible:
Always

Steps to Reproduce:
1. start radvd
2. look in audit.log
  
Actual results:
28 messages logged to audit.log that look like
type=AVC msg=audit(1230449705.134:2914): avc:  denied  { net_admin } for  pid=21
290 comm="radvd" capability=12 scontext=unconfined_u:system_r:radvd_t:s0 tcontex
t=unconfined_u:system_r:radvd_t:s0 tclass=capability

Expected results:
No AVC denials

Additional info:
I've only started using radvd, so I'm not certain what functionality is getting blocked.  Nevertheless, I generated and installed the following policy with audit2allow.

require {
        type radvd_t;
        class capability net_admin;
}
require {
        type radvd_t;
        class capability net_admin;
}

#============= radvd_t ==============
allow radvd_t self:capability net_admin;

Comment 1 Miroslav Grepl 2009-01-05 12:48:12 UTC
Fixed in selinux-policy-3.3.1-117.fc9.noarch

Comment 2 Allen Kistler 2009-01-09 00:37:27 UTC
Fix verified.  I'll close the bug when 117 (or later) goes to updates for F9.

Comment 3 Allen Kistler 2009-01-15 15:43:11 UTC
selinux-policy-3.3.1-117.fc9.noarch is in updates.  Closing.


Note You need to log in before you can comment on or make changes to this bug.